Sydney: Australia’s major professional services firm KPMG is facing allegations that it allegedly misused sensitive client information to win audit tenders for large public companies, raising concerns about the firm’s ethics and governance.
The case centers on a detailed complaint from a former senior employee who said internal attempts to raise concerns failed. According to the complaint, the employee first reported issues in early 2024 and subsequently tried to escalate them through KPMG’s global network and the corporate regulator, before the matter was ultimately placed on the public record. The episode adds to ongoing debates over the power of large professional service networks and the sufficiency of whistleblower protections.
FCRF Launches Premier CISO Certification Amid Rising Demand for Cybersecurity Leadership
The complaint outlines five main allegations regarding how KPMG pursued and secured high-profile audit tenders. It claims that board papers from a long-term construction client were circulated internally and used in pitches to other major organizations, including large banks and a property group that later switched audits from another firm. Other allegations include alleged unauthorized access to a telecommunications client’s IT system during a live tender, the use of insider-style intelligence in a $30 million bank audit contest, and internal audit documents from a property company left open on a laptop for external audit staff to view. The concerns also extend to potential conflicts of interest involving former partners joining audit client boards or executive roles, raising questions about independence even where no direct breach has been proven.
KPMG Australia’s leadership has strongly denied any wrongdoing and said it has already conducted a two-track legal review. Two separate law firms were engaged: one to reassess the firm’s handling of the complaint internally and another to conduct an independent external investigation. According to the firm, neither process was able to substantiate misconduct based on the information provided. The whistleblower was asked more than 20 times to submit supporting evidence through external counsel and a third-party whistleblower service. Named clients have been notified, and the national regulator is aware of the matter, though strict confidentiality rules prevent the regulator from confirming specific whistleblower reports.
Even if the allegations are not proven, the episode carries broad implications for the audit and advisory sector. Questions about the use of confidential client data in competitive tenders, the duration of auditor-client relationships, and the role of former partners on client boards are likely to attract increasing attention from regulators, boards, and investors. The case also highlights whether large partnerships provide safe and credible channels for insiders to raise concerns, and how parliamentary privilege interacts with corporate investigations and reputational risk.
Experts note that regardless of the final outcome, the controversy is likely to feed into a longer-term debate about audit independence, market concentration, and governance in global professional service networks.
